since then, I can’t authenticate using AppTokens anymore and I have [INF] messages stating that CORS policy execution fails: `[INF] CORS policy execution failed. (09b6f179)`
This situation is a bit problematic, as it’s no longer possible to connect to the server using the cmdlets. After using `Connect-PSUServer -ComputerName "https://myserver.domain.local"`, all cmdlets are returning `Get-UAGitStatus: Call failed with status code 401 (Unauthorized): GET https://myserver.domain.local/api/v1/GitStatus`
I don’t know how you handled CORS within Kestrel. Do you have any input on this?
While IIS and appsettings.json are configured to use HTTPS, it seems that when I query the headers using the API, I get the following information:
We currently don’t have the ability to configure CORS, but we should add that. As for the cmdlets, you should still be able to use AppTokens, but since you can’t, that seems like a bug. We should probably also use the default credentials, but that’s currently not possible. I’ll add a `-UseDefaultCredentials` to the cmdlets.
I guess the `X-Original-For` is due to how IIS handles the webserver?
Yep. It’s proxying from HTTPS to HTTP on that internal port and sending it to PSU.
Hmmm. Yeah, that seems like it makes sense. I think enabling anonymous would allow the token to get through the IIS auth layer and then use the authentication within PSU rather than Windows auth.